authorJakub Hrozek <jhrozek@redhat.com>2014-01-24 10:02:23 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-01-24 13:20:44 +0100
commit6095e82a99cc1c1fcac5e00f0a770302cc46eb2b (patch)
treeeeed03b65c0f29714e99cb6ae62f077a705b9f87 /src/providers/ldap/ldap_id.c
parent07270cd9739b942c63602ef57c513c6a50e6f7ee (diff)
LDAP: Don't abort request if no id mapping domain matches
If an ID was requested from the back end, but no ID mapping domain matched, the request ended with a scary error message. It's better to treat the request as if no such ID was found in the domain. Related: https://fedorahosted.org/sssd/ticket/2200
Diffstat (limited to 'src/providers/ldap/ldap_id.c')
-rw-r--r--src/providers/ldap/ldap_id.c42
1 files changed, 37 insertions, 5 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 6fb675161..422a3b92c 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -129,7 +129,19 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
/* Convert the UID to its objectSID */
err = sss_idmap_unix_to_sid(ctx->opts->idmap_ctx->map,
uid, &sid);
- if (err != IDMAP_SUCCESS) {
+ if (err == IDMAP_NO_DOMAIN) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("[%s] did not match any configured ID mapping domain\n",
+ name));
+
+ ret = sysdb_delete_user(state->domain, NULL, uid);
+ if (ret == ENOENT) {
+ /* Ignore errors to remove users that were not cached previously */
+ ret = EOK;
+ }
+
+ goto fail;
+ } else if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Mapping ID [%s] to SID failed: [%s]\n",
name, idmap_error_string(err)));
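Review bot: In the new `IDMAP_NO_DOMAIN` branch, a `sysdb_delete_user()` result other than `EOK` or `ENOENT` goes straight to `goto fail` with nothing logged, so the request fails with no trace that the error came from the cache removal. Since this branch drops a cached identity, log the failure before the jump, e.g. `if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not delete cached user [%s]: [%s]\n", name, strerror(ret))); }`. A successful removal could also be logged at a lower level, so that a vanished entry can be tied to this branch during troubleshooting. The same applies to the `sysdb_delete_group()` call in the `groups_get_send` hunk; both function bodies continue outside the hunks.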
@@ -213,7 +225,11 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
return req;
fail:
- tevent_req_error(req, ret);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ } else {
+ tevent_req_done(req);
+ }
tevent_req_post(req, ev);
return req;
}
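Review bot: The `fail:` label now also completes the request successfully when `ret == EOK`, so the name no longer says what the block does. Rename it to `done:`, or at least add a comment such as `/* Also reached with ret == EOK when the ID matched no ID mapping domain */`. On that early success path, any status fields that the matching recv function reads keep their initial values. The recv function is not visible in this hunk, so it is worth confirming that it reports "not found" rather than a fatal provider error. The same label change appears at the end of `groups_get_send`.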
@@ -494,10 +510,22 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
goto fail;
}
- /* Convert the UID to its objectSID */
+ /* Convert the GID to its objectSID */
err = sss_idmap_unix_to_sid(ctx->opts->idmap_ctx->map,
gid, &sid);
- if (err != IDMAP_SUCCESS) {
+ if (err == IDMAP_NO_DOMAIN) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("[%s] did not match any configured ID mapping domain\n",
+ name));
+
+ ret = sysdb_delete_group(state->domain, NULL, gid);
+ if (ret == ENOENT) {
+ /* Ignore errors to remove users that were not cached previously */
+ ret = EOK;
+ }
+
+ goto fail;
+ } else if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Mapping ID [%s] to SID failed: [%s]\n",
name, idmap_error_string(err)));
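Review bot: The comment inside the new `ENOENT` check was copied from `users_get_send` and still says "users", although this branch calls `sysdb_delete_group()`. It should read `/* Ignore ENOENT: the group was not cached previously */`. The hunk already corrects the UID/GID wording in the comment above the conversion call, so this one is easy to fix in the same pass.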
@@ -585,7 +613,11 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
return req;
fail:
- tevent_req_error(req, ret);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ } else {
+ tevent_req_done(req);
+ }
tevent_req_post(req, ev);
return req;
}